# Connecting through Tailscale

[Tailscale](https://tailscale.com/blog/how-tailscale-works) is a managed virtual private network (VPN). It creates a private mesh network called a tailnet.

Every device on the tailnet then receives a stable private IP address, and can communicate directly to every other device.

## Enabling the connection from Structural <a href="#tailscale-enable-connection" id="tailscale-enable-connection"></a>

To allow Tonic Structural to reach a database through Tailscale, you:

1. Add the database server as a node on your tailnet, either directly or behind a subnet router.
2. Provide Structural with:
   1. An OAuth client credential.
   2. The access control list (ACL) tags for Structural to advertise when it joins the tailnet. Your tailnet ACL policy must allow those tags to reach the database's IP address and port.

## Configuring Tailscale tunneling

From the workspace configuration, to connect through Tailscale:

1. If the connector supports multiple tunneling options:

   1. Toggle **Enable Connection Tunnel** to the on position.
   2. From the **Tunnel type** dropdown list, select **Tailscale Tunnel**.

   If the data connector only supports Tailscale tunneling, then it is selected automatically.
2. In the **Tags** field, provide a comma-separated list of ACL tags to use to join the tailnet. For example, `tag:tonic-worker`.
3. Optionally, in the **Control Server URL** field, provide the URL. This is intended for customers who use Headscale or a self-hosted Tailscale control plane.
4. In the **Tailscale Auth Key** field, provide a Tailscale OAuth client credential. Structural does not support other types of Tailscale keys, such as user auth keys.\
   \
   You create the credential from the [OAuth clients](https://tailscale.com/docs/features/oauth-clients) page in your Tailscale admin console.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](/app/workspace/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/app/workspace/workspace-configuration-settings/data-connection-settings/using-a-connection-tunneling-option/connecting-through-tailscale.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.